[Cryptography] Cost of remembering a password

Phillip Hallam-Baker phill at hallambaker.com
Sun Aug 17 13:26:59 EDT 2014


On Sun, Aug 17, 2014 at 4:09 AM, Guido Witmond <guido at witmond.nl> wrote:
> On 08/16/14 18:18, Bear wrote:
>
>> Whatever your password manager runs on, is a trusted system -
>> ie, one whose compromise could absolutely destroy your security.
>> And if it is a conventional system running software, then it
>> is running something invisible and modifiable which I cannot
>> fully inspect, ie, it is not trustworthy.
>>
>> We must never create trusted systems which are not trustworthy.
>
> The current design - where people type in passwords - is also considered
> a trusted system. It's trusted not to leak the passwords when these are
> typed in. The amount of keyloggers shows that this trust is not warranted.

It's not just considered trusted, it is trusted. So was MSDOS back in the day.

It wasn't trustworthy though.

Trusted Computing Group did not like it when I raised that nit at
their meeting...


> Then there is the issue that people do not validate which is the
> expected CA that signed a site's server certificate, turning a TLS into
> a trusted system too. What price should we put on that?
>
> Or the price of clicking the "I don't understand, I just have to click
> yes to proceed" button. What price should we put on that?

Another area where common practice is utterly wrong.

